Malicious insider behavior within an enterprise corporation's computing network is becoming increasingly common. After such behavior has occurred, the corporation naturally seeks to detect and ameliorate the malicious insider behavior quickly. For example, the enterprise corporation may lose substantial revenue due to data loss caused by the malicious insider. In other words, an individual with formal access to the enterprise corporation's files may cause substantial harm to the corporation both financially and otherwise. These malicious insiders are typically disgruntled employees who either wish to harm the corporation or to provide data to a competitor that has made an offer to the insider.
Although malicious insider behavior presents a significant challenge for enterprise corporations, as outlined above, the challenge has been difficult to overcome fully. For example, conventional corporate access control policies typically do not prevent insider threats. Similarly, the policies may be difficult to implement in a manner that addresses every scenario involving malicious insider behavior. Furthermore, conventional access control policies may not be based on rigorous technological assessment. Accordingly, what is needed are improved systems and methods for protecting computing resources, as discussed further below.